CRM-3658 Virus in file 'CRMDOC-20080710-14_20_36.zip'

    Details

    • Type: Task
    • Status: Done/Fixed
    • Priority: Critical
    • Resolution: Fixed/Completed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.1
    • Component/s: None
    • Labels:
      None

      Description

      Could you remove the virus in file 'CRMDOC-20080710-14_20_36.zip'? This is the CiviCRM documentation file.

      File location:
      http://sourceforge.net/project/showfiles.php?group_id=177914&package_id=231295&release_id=612650

      Info about the virus:
      http://www.viruslist.com/en/search?VN=IRC-Worm.IRC.JeepWarz.j&referer=kis

      To reproduce, download the file 'CRMDOC-20080710-14_20_36.zip' from http://sourceforge.net/project/showfiles.php?group_id=177914&package_id=231295&release_id=612650 and then scan it with Kaspersky Antivirus or any good and up-to-date antivirus.

        Attachments

        1. fixed_file.tar
          8 kB
          Onopoc
        2. kaspersky_alert.jpg
          21 kB
          Onopoc
        3. original_file.tar
          7 kB
          Onopoc

          Activity

          Donald A. Lobo added a comment -


          Can you unzip the directory and get a more specific handle on which file is the suspected virus? We are on Mac OS X/Ubuntu and are not running any antivirus currently.

          Donald A. Lobo added a comment -

          I meant unzip the download file. I also followed the links above and did not get any more information. The wiki does reference IRC in a few places and might even have IRC logs.

          Michał Mach added a comment -

          I downloaded the file for testing and removed it from sourceforge. Will post updates on file examination progress.

          Michał Mach added a comment -

          The test detected the virus; however, it's a pure HTML file, without any suspicious stuff in it (read it letter by letter), so it seems like a false alarm. This way or the other, the file is not available anymore, and I'll generate a new documentation archive tomorrow and will test it for viruses to see if it doesn't raise the flag again.

          Onopoc added a comment -

          According to Kaspersky Antivirus, the virus is located in the ZIP file 'CRMDOC-20080710-14_20_36.zip' under the following path:
          \CRMDOC-20080710-14_20_36\CRMDOC\How to get Public Archives with Drupal and CiviMail.html

          The antivirus does detect a virus, but I think too that this is maybe a false alarm. To prove it I did the following 2 tests. First, when I scan the original HTML file named 'How to get Public Archives with Drupal and CiviMail.html', the antivirus detects a virus.

          Second, I open the file 'How to get Public Archives with Drupal and CiviMail.html' in the text editor WordPad, make no change, and save the file. I scan it again with the antivirus and this time no virus is detected. The file is safe.

          Maybe a false alarm from the antivirus.

          I have attached the fixed HTML file (fixed_file.tar) & the original HTML file (original_file.tar) to this issue. For safety you might want to scan both before using.

          Hope this helps.

          Onopoc added a comment -

          Fixed HTML file. Compressed with 7-Zip.

          Onopoc added a comment -

          Original HTML file. Compressed with 7-Zip. You might want to scan this file with an antivirus before using.

          Onopoc added a comment -

          Screenshot of alert from Kaspersky Internet Security version 7, on Windows XP.

          Michał Mach added a comment -

          It was a false alarm. New version of documentation will be generated shortly.

            People

            • Assignee:
              Shailesh Lende
              Reporter:
              Onopoc
